Search Results

Search found 18 results on 1 pages for 'domaincontroller'.

Page 1/1 | 1 

  • Using Active Directory to authenticate users in a WWW facing website

    - by Basiclife
    Hi, I'm looking at starting a new web app which needs to be secure (if for no other reason than that we'll need PCI accreditation at some point). From previous experience working with PCI (on a domain), the preferred method is to use integrated windows authentication which is then passed all the way through the app to the database. This allows for better auditing as well as object-level permissions (ie an end user can't read the credit card table). There are advantages in that even if someone compromises the webserver, they won't be able to glean any additional information from the database. Also, the webserver isn't storing any database credentials (beyond perhaps a simple anonymous user with very few permissions) So, now I'm looking at the new web app which will be on the public internet. One suggestion is to have a Active Directory server and create windows accounts on the AD for each user of the site. These users will then be placed into the appropriate NT groups to decide which DB permissions they should have (and which pages they can access). ASP already provides the AD membership provider and role provider so this should be fairly simple to implement. There are a number of questions around this - Scalability, reliability, etc... and I was wondering if there is anyone out there with experience of this approach or, even better, some good reasons why to do it / not to do it. Any input appreciated Regards Basiclife

    Read the article

  • Windows computer account appears to reset its own password, why?

    - by David Yu
    Has anyone seen this where a computer account appears to reset its password? The password for user 'WEST\SQLCLUSTER$' was reset by 'WEST\SQLCLUSTER$' on 'DOMAINCONTROLLER.WEST.company.corp' at '04/23/10 20:47:41' Event Type: Success Audit Event Source: Security Event Category: Account Management Event ID: 628 Date: Friday, April 23, 2010 Time: 8:47 PM User: WEST\SQLCLUSTER$ Computer: DOMAINCONTROLLER.WEST.company.corp Description: User Account password set: Target Account Name: SQLCLUSTER$ Target Domain: WEST Target Account ID: WEST\SQLCLUSTER$ Caller User Name: SQLCLUSTER$ Caller Domain: WEST Caller Logon ID: (0x0,0x7A518945)

    Read the article

  • Under which circumstances can a *local* user account access a remote SQL Server with a trusted connection?

    - by Heinzi
    One of our customers has the following configuration: On the domain controller, there's an SQL Server. On his PC (WinXP), he logs on with LocalPC\LocalUser. In Windows Explorer, he opens DomainController\SomeShare and authenticates as Domain\Administrator. He starts our application, which opens a trusted connection (Windows authentication) to the SQL Server. It works. In SSMS, the connection shows up with the user Domain\Administrator. Firstly, I was surprised that this even works. (My first suspicion was that there is a user with the same name and password in the domain, but there is no user LocalUser in the domain.) Then we tried to reproduce the same behaviour on his new PC, but failed: On his new PC (Win7), he logs on with OtherLocalPC\OtherLocalUser. In Windows Explorer, he opens DomainController\SomeShare and authenticates as Domain\Administrator. He starts our application, which opens a trusted connection (Windows authentication) to the SQL Server. It fails with the error message Login failed for user ''. The user is not associated with a trusted SQL Server connection. Hence my question: Under which conditions can a non-domain user access a remote SQL Server using Windows Authentication with different credentials? Apparently, it's possible (it works on his old PC), but why? And how can I reproduce it?

    Read the article

  • Exchange 2010 setup /prepareAD fails to run

    - by MadBoy
    I've tried installing Exchange 2010 on Windows Server 2008 R2 (only domain controller and all-in-one system). I did setup.exe /prepareAD, setup /prepareSchema and it worked fine the first time I did it. Unfortunately due to problem with Hub Transport installation related to (at least from what I've read) IPv6 being disabled (some say disabling it helped them while some enabling helped them). I did it the proper way by using registry entry to disable IPv6 but it still errored out. So i managed to uninstall everything (renamed some old entries in registry of failed Hub Transport roles and tried to reinstal Exchange after rebooting server. Unfortunetly running setup /prepareAD now gives an error: D:setup /PrepareAd Welcome to Microsoft Exchange Server 2010 Unattended Setup By continuing the installation process, you agree to the license terms of Microsoft Exchange Server 2010. If you don't accept these license terms, please cancel the installation. To review these license terms, please go to http://go.microsoft.com/fwlink/?LinkId=150127&clcid=0x409/ Press any key to cancel setup................ No key presses were detected. Setup will continue. Preparing Exchange Setup Copying Setup Files ......................... COMPLETED No server roles will be installed Performing Microsoft Exchange Server Prerequisite Check Organization Checks ......................... COMPLETED Setup is going to prepare the organization for Exchange 2010 by using 'Setup /P repareAD'. No Exchange 2007 server roles have been detected in this topology. Af ter this operation, you will not be able to install any Exchange 2007 server rol es. Configuring Microsoft Exchange Server Organization Preparation ......................... FAILED The following error was generated when "$error.Clear(); buildToBuildUpgrade -ExsetDataAtom -AtomName OrgLevelCt -DomainController $RoleDomainController" was run: "An error occurred with error code '2147504140' and message 'The data type can't be converted to or from a native Active Directory data type.'.". The Exchange Server setup operation did not complete. Visit http://support.micro soft.com and enter the Error ID to find more information. Exchange Server setup encountered an error. Unfortunetly if i rerun the setup it complains that it needs setup /prepareAD to be run first. Basically all that works now is setup /PrepareSchema and setup /PrepareDomain complains that prepareAD wasn't done. For full information I'm also attaching error I had before I've uninstalled everything and tried again: Hub Transport Role Failed Error: The following error was generated when "$error.Clear(); install-ExsetdataAtom -AtomName SharedMachineSettings -DomainController $RoleDomainController" was run: "An error occurred with error code '2147950640' and message 'There is no such object on the server.'.". An error occurred with error code '2147950640' and message 'There is no such object on the server.'.

    Read the article

  • Which ports to open on domain vs internet

    - by zsharp
    I have a web server/database/domainController. I notice that ports 137 and 138 on the public IP AND private IP are open on all machines there are also other open ports on 0.0.0.0.(ie. 135, 2002) Can and should I close 137-139 on the public IP only? will that interfere with any services.

    Read the article

  • static routes, cisco ASA, remote locations

    - by Jeff
    192.168.3.1(ASA) - 192.168.2.1(ASA) - ( internet ) - 192.168.1.1(ASA) DomainController, FS, Exchange 192.168.0.1(ASA) - above is a rough idea what my network setup looks like. each internal ip (192.168.x.x) is located behind an ASA. Each location has a different gateway for the internet. They all talk to the 192.168.1.1 network for dns, dhcp, dc, exchange and so on. They can only see the 192.168.1.1, they can not see each other. In my Static Routes on my 192.168.1.1 ASA, should i have them configure as follows? example: 192.168.x.x 255.255.255.0 Locations_Internet_Gateway_IP OR 192.168.x.x 255.255.255.0 Main_Locations_Internet_Gateway_IP not sure which configurtation is correct, thanks in advance for any help!

    Read the article

  • Installing Exchange 2010 Error with Ipv6 disabled/enabled

    - by MadBoy
    I've tried installing Exchange 2010 on Windows 2k8 R2. Following error occurred when installing Hub Transport Role. Hub Transport Role Failed Error: The following error was generated when "$error.Clear(); install-ExsetdataAtom -AtomName SharedMachineSettings -DomainController $RoleDomainController" was run: "An error occurred with error code '2147950640' and message 'There is no such object on the server.'.". An error occurred with error code '2147950640' and message 'There is no such object on the server.' I have tried installation with both IPV6 turned on and off. Both failed and both required me to do some magic to uninstall Exchange, and try installation again. Feel free to shoot your ideas what can be done to resolve the error. In the end I will install HyperV and put Exchange 2010 on different server but that's not what the server owner wanted.

    Read the article

  • Automatically taken out of AD domain

    - by Mattias
    Hi Guys, arrived to work this morning just to find that I couldn't log on to my computer. As it turned out my computer had been "unjoined" from our domain. I am positive that I didn't "unjoin" manually yesterday before I closed the computer down. Have anyone experienced this behavior before and is it even possible? Or should I start getting nervous about anyone playing around on the serverside? I'm running my domaincontroller on a Windows2003 server and the client computer that got "unjoined" is a Windows 7 Ultimate.

    Read the article

  • IP stops working from time to time

    - by Mattias
    Hi, have a problem that I can't seem to find the reason for. We are running a small network with windows clients(XP/Win7) and windows servers(2008 sp2/2008r2). The domaincontroller is working as DC, DNS, DHCP, VPN. We have a Level1 FBR4000 between internet and our internal network. The problem is that from time to time specific IP-adresses stops working, the only way I have gotten the devices to work again is to exclude the specific IP from the DHCP address pool and getting a new IP, then everything works again. It seems as the specific IP is beeing banned/blocked somewhere but I just can't figure out where. Anyone got an idea as to where I should start to look? I could also point out that I just reinstalled all servers due to a officemove and was hoping to get away from this problem but it just showed up again. This last time it was my iPhone that got stuck through the Wi-Fi...

    Read the article

  • Exchange 2010 Room Mailbox Calendar Permissions

    - by Brian Mitchell
    Exchange 2010 sp2 Outlook 2007/2010 Server 2008 I have managed to set up several room mailboxes in exchange, people are able to book the rooms and they get a response from the exchange server. this is brilliant. however users are unable to view the calendar of the room mailbox to see what times are available, in a ideal world I would like users to only see if the room is free or not. I dont want users to see the details of the meeting (title, description etc) I have been trying to do this using the following command Add-MailboxFolderPermission -Identity meetingroom -User "Usergroup" -AccessRights AvailabilityOnly -DomainController AD-Server This throws the following error Specified argument was out of the range of valid values. Parameter name: memberRights + CategoryInfo : NotSpecified: (meetingroom:MailboxFolderIdParameter) [Add-MailboxFolderPermission], Argum entOutOfRangeException + FullyQualifiedErrorId : CBC6516F,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission Any help on the situation would be brilliant, i have been trying to get this done for a couple of days and im going around in circles.

    Read the article

  • Authenticating to multiple OUs in Active Directory

    - by Jaxidian
    I'm using the Active Directory Membership Provider with the following configuration: <connectionStrings> <add name="MyConnString" connectionString="LDAP://domaincontroller/OU=Product Users,DC=my,DC=domain,DC=com" /> </connectionStrings> <membership defaultProvider="MyProvider"> <providers> <clear /> <add name="MyProvider" connectionStringName="MyConnString" connectionUsername="my.domain.com\service_account" connectionPassword="biguglypassword" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </membership> This works perfectly except it requires ALL of my users to be in the "Product Users" OU when I would actually like to have all of my users organized into various child OUs under our "Product Users" OU. Is this possible? (Note that this is a partial repost of this question but the question I'm asking here was never answered there.)

    Read the article

  • How can I fix Grails error: "No domain class found for name PrivacyOptions. Please try again and e

    - by ?????
    I'm just getting started with Groovy/Grails. I added a new domain controller to my project, and generate-controller doesn't like it. There are other indications something's wrong: If I run the app no table is actually created in the database for this. I've reduced the DomainController to one String field and no constraints, just to make sure there wasn't something wrong with my specification. I also tried renaming it, just in case there was something about the original name (Privacy) that conflicted with something. I'm sure I have the correct name, and that the file is called PrivacyOptions.groovy and inside the class is also called PrivacyOptions. Here's the error: Running script /opt/local/grails/scripts/GenerateController.groovy Environment set to development Domain class not found in grails-app/domain, trying hibernate mapped classes... No domain class found for name PrivacyOptions. Please try again and enter a valid domain class name

    Read the article

  • SSL Certifcate Request s2003 DC CA DNS Name not Avaiable.

    - by Beuy
    I am trying to submit a request for an SSL certificate on a Domain Controller in order to enable LDAP SSL, and having no end of problems. I am following the information provided at http://support.microsoft.com/default.aspx?scid=kb;en-us;321051 & http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl Steps taken so far: Create Servername.inf with the following information ;----------------- request.inf ----------------- [Version] Signature="$Windows NT$ [NewRequest] Subject = "CN=servername.domain.loc" ; replace with the FQDN of the DC KeySpec = 1 KeyLength = 1024 ; Can be 1024, 2048, 4096, 8192, or 16384. ; Larger key sizes are more secure, but have ; a greater impact on performance. Exportable = TRUE MachineKeySet = TRUE SMIME = False PrivateKeyArchive = FALSE UserProtected = FALSE UseExistingKeySet = FALSE ProviderName = "Microsoft RSA SChannel Cryptographic Provider" ProviderType = 12 RequestType = PKCS10 KeyUsage = 0xa0 [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication ;----------------------------------------------- Create Certificate request by running: certreq -new Servername.inf Servername.req Attempt to submit Certificate request to CA by running: certreq -submit -attrib "CertificateTemplate: DomainController" request.req At which point I get the following error: The DNS name is unavailable and cannot be added to the Subject Alternate Name. 0x8009480f (-2146875377) Trouble shooting steps I have taken so far 1. Modify the Domain Controller Template to supply Subject Name in Request restart Certificate Service, include SAN in Request, same error. 2. Re-installed Certificate Services / IIS / Restarted machine countless times Any help resolving the issue would be greatly appreciated.

    Read the article

  • MOSS2007 tries to use ActiveDirectory when I have configured an alternative membership provider

    - by glenatron
    I've got a MOSS site that I am trying to configure using Forms authentication and absolutely any kind of membership provider whatsoever. Thus far ActiveDirectory has proved obstructively difficult so I've just whipped up a simple stub membership provider and put it in the GAC. It's a very basic and simple provider but it works fine with an ASP.Net site, I just can't make it work with Sharepoint. On Sharepoint I get the following error when I look for StubProvider:Bob ( or anything else for that matter) from the "Policy For Web Application" people picker: Error in searching user 'StubProvider:bob' : System.ComponentModel.Win32Exception: Unable to contact the global catalog server at Microsoft.SharePoint.Utilities.SPActiveDirectoryDomain.GetDirectorySearcher() at Microsoft.SharePoint.WebControls.PeopleEditor.SearchFromGC(SPActiveDirectoryDomain domain, String strFilter, String[] rgstrProp, Int32 nTimeout, Int32 nSizeLimit, SPUserCollection spUsers, ArrayList& rgResults) at Microsoft.SharePoint.Utilities.SPUserUtility.SearchAgainstAD(String input, SPActiveDirectoryDomain domainController, SPPrincipalType scopes, SPUserCollection usersContainer, Int32 maxCount, String customQuery, TimeSpan searchTimeout, Boolean& reachMaxCount) at Microsoft.SharePoint.Utilities.SPActiveDirectoryPrincipalResolver.SearchPrincipals(String input, SPPrincipalType scopes, SPPrincipalSource sources, SPUserCollection usersContainer, Int32 maxCount, Boolean& reachMaxCount) at Microsoft.SharePoint.Utilities.SPUtility.SearchPrincipalFromResolvers(List`1 resolvers, String input, SPPrincipalType scopes, SPPrincipalSource sources, SPUserCollection usersContainer, Int32 maxCount, Boolean& reachMaxCount, Dictionary`2 usersDict). The Provider is named as Authentication Provider for the Site Collection in question. As far as I can tell this is because Sharepoint is still trying to access ActiveDirectory rather than talking to the provider I'm asking it to use. My Sharepoint Central Administration section includes this: <membership> <providers> <add name="StubProvider" type="StubMembershipProvider.Provider, StubMembershipProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5bd7e2498c3e1a03" /> </providers> </membership> And also: <PeoplePickerWildcards> <clear /> <add key="StubProvider" value="%" /> </PeoplePickerWildcards> Is there a clear reason why this would not be accessible from the PeoplePicker or why it is still trying to use ActiveDirectory? I've made sure I reset IIS and even restarted the server to see if either of those helped but they made no difference.

    Read the article

  • MOSS2007 tries to use ActiveDirectory when I have configured an alternative membership provider

    - by glenatron
    I've got a MOSS site that I am trying to configure using Forms authentication and absolutely any kind of membership provider whatsoever. Thus far ActiveDirectory has proved obstructively difficult so I've just whipped up a simple stub membership provider and put it in the GAC. It's a very basic and simple provider but it works fine with an ASP.Net site, I just can't make it work with Sharepoint. On Sharepoint I get the following error when I look for StubProvider:Bob ( or anything else for that matter) from the "Policy For Web Application" people picker: Error in searching user 'StubProvider:bob' : System.ComponentModel.Win32Exception: Unable to contact the global catalog server at Microsoft.SharePoint.Utilities.SPActiveDirectoryDomain.GetDirectorySearcher() at Microsoft.SharePoint.WebControls.PeopleEditor.SearchFromGC(SPActiveDirectoryDomain domain, String strFilter, String[] rgstrProp, Int32 nTimeout, Int32 nSizeLimit, SPUserCollection spUsers, ArrayList& rgResults) at Microsoft.SharePoint.Utilities.SPUserUtility.SearchAgainstAD(String input, SPActiveDirectoryDomain domainController, SPPrincipalType scopes, SPUserCollection usersContainer, Int32 maxCount, String customQuery, TimeSpan searchTimeout, Boolean& reachMaxCount) at Microsoft.SharePoint.Utilities.SPActiveDirectoryPrincipalResolver.SearchPrincipals(String input, SPPrincipalType scopes, SPPrincipalSource sources, SPUserCollection usersContainer, Int32 maxCount, Boolean& reachMaxCount) at Microsoft.SharePoint.Utilities.SPUtility.SearchPrincipalFromResolvers(List`1 resolvers, String input, SPPrincipalType scopes, SPPrincipalSource sources, SPUserCollection usersContainer, Int32 maxCount, Boolean& reachMaxCount, Dictionary`2 usersDict). The Provider is named as Authentication Provider for the Site Collection in question. As far as I can tell this is because Sharepoint is still trying to access ActiveDirectory rather than talking to the provider I'm asking it to use. My Sharepoint Central Administration section includes this: <membership> <providers> <add name="StubProvider" type="StubMembershipProvider.Provider, StubMembershipProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5bd7e2498c3e1a03" /> </providers> </membership> And also: <PeoplePickerWildcards> <clear /> <add key="StubProvider" value="%" /> </PeoplePickerWildcards> Is there a clear reason why this would not be accessible from the PeoplePicker or why it is still trying to use ActiveDirectory? I've made sure I reset IIS and even restarted the server to see if either of those helped but they made no difference.

    Read the article

  • Logging Remote Server Access via Remote Desktop

    - by Nate Bross
    The objective here is to start a simple .NET application I've written which captures some environment variables (time, username, computername, etc) upon login. This .NET application subscribes to the Windows "User logout" event. Upon launch, the application captures the above variables, and creates a record in my database, upon logout (which I'm capturing) I update another field in the same record, with the logout time. The above is working exactly as I would like, when I launch the binary, it makes its initial log entry, then waits for the logout event and updates the same record. Restrictions, the .NET binary should be able to live on a share point (\server\share\myapp\v1) so I can update the application to (\server\share\myapp\v2) and simply update the GPO/Logon script. My initial thought was to use the \domaincontroller\sysvol\ directory to store the binary and then update all user accounts to include a call to my application. Can you see any flaws in this approach? My question is this: First, is there anything wrong with my idea above? Second, if so, what is the best way (through group policy or otherwise) to ensure this application launches whenever a session is started on a server?

    Read the article

  • Logging Remote Desktop to Servers via Logon Script or GPO or What?

    - by Nate Bross
    The objective here is to start a simple .NET application I've written which captures some environment variables (time, username, computername, etc) upon login. This .NET application subscribes to the Windows "User logout" event. Upon launch, the application captures the above variables, and creates a record in my database, upon logout (which I'm capturing) I update another field in the same record, with the logout time. The above is working exactly as I would like, when I launch the binary, it makes its initial log entry, then waits for the logout event and updates the same record. Restrictions, the .NET binary should be able to live on a share point (\server\share\myapp\v1) so I can update the application to (\server\share\myapp\v2) and simply update the GPO/Logon script. My initial thought was to use the \domaincontroller\sysvol\ directory to store the binary and then update all user accounts to include a call to my application. Can you see any flaws in this approach? My question is this: First, is there anything wrong with my idea above? Second, if so, what is the best way (through group policy or otherwise) to ensure this application launches whenever a session is started on a server?

    Read the article

  • Active Directory Membership Provider - how to expand on this?

    - by Jaxidian
    I'm working on getting an MVC app up and running via AD Membership Provider and I'm having some issues figuring this out. I have a base configuration setup and working when I login as [email protected] + password. <connectionStrings> <add name="MyConnString" connectionString="LDAP://domaincontroller/OU=Product Users,DC=my,DC=domain,DC=com" /> </connectionStrings> <membership defaultProvider="MyProvider"> <providers> <clear /> <add name="MyProvider" connectionStringName="MyConnString" connectionUsername="my.domain.com\service_account" connectionPassword="biguglypassword" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </membership> However, I'd LIKE to do some other things and I'm not sure how to go about them. Login without typing the domain (i.e. the "@my.domain.com"). I realize that this could only work if I limit myself to just one domain - that's fine. Organize users in up to N different OUs within a single OU. As you can tell from my current connection string, I'm authenticating users in my Product Users OU. I would LIKE to create OUs for various companies within this OU and put the users into those OUs. How can I authenticate across all of these different OUs? I'm trying to figure out how the Active Directory Membership Provider ties in with the Profile and Role providers. Are there AD versions of those too or am I stuck with SQL, home-grown, or finding something somebody else has coded up? Many thanks!!

    Read the article

1